1. Field of the Invention
The present invention relates to a technology for performing a packet filtering and transmission/reception of path information between network devices.
2. Description of the Related Art
Conventionally, a packet filtering with an access control list, a packet filtering function, and the like is generally realized by hardware in a network device such as a router and a switching hub. With the packet filtering realized by the hardware, it is possible to improve a processing speed. However, when the number of filters to be set is increased, hardware resources may be depleted because of a hardware resource limitation.
On the other hand, the packet filtering is realized by software in some cases. If the packet filtering is realized by the software, it is possible to prevent a hardware resource depletion. However, when the number of filters to be set is increased, the processing load of the software is increased, resulting in degrading a processing performance of the network device.
A technology for assuring the hardware resource of the network device has been developed for realizing the packet filtering with the access control list and the packet filtering function by the hardware.
For example, a technology for assuring the hardware resource in a router is disclosed in Japanese Patent Application Laid-Open No. 2005-130489. In the above technology, a shared access control list is created for the resources on a same line card in the router, so that the shared access control list is used by a plurality of the interfaces in the router, thus enabling to delete copies of the access control lists redundantly set in the same router.
However, with the technology described above, the shared access control list is generated and the redundantly set access control lists are deleted exclusively in the same router. Accordingly, if the access control lists are redundantly set in a plurality of the routers in the same network, copies of the access control lists can hardly be deleted (or combined), which results in failing to effectively assure the hardware resources of the network devices in the same network.